JIS  Vol.2 No.2 , April 2011
Proposed Framework for Security Risk Assessment
Abstract: Security risk assessment framework provides comprehensive structure for security risk analysis that would help uncover systems’ threats and vulnerabilities. While security risk assessment is an important step in the security risk management process, this paper will focus only on the security risk assessment framework. Viewing issues that exist in a current framework, we have developed a new framework for security risk and vulnerabilities assessment by adding new components to the processes of the existing framework. The proposed framework will further enhance the outcome of the risk assessment, and improve the effectiveness of the current framework. To demonstrate the efficiency the proposed framework, a network security simulation as well as filed tests of an existing network where conducted.
Cite this paper: nullZ. Saleh, H. Refai and A. Mashhour, "Proposed Framework for Security Risk Assessment," Journal of Information Security, Vol. 2 No. 2, 2011, pp. 85-90. doi: 10.4236/jis.2011.22008.

[1]   The Office of the Government Chief Information Officer, “Security Risk Assessment and Audit Guidelines”, 2009.

[2]   T. Even, “A Unified Framework For Risk and Vulnerability Analysis Covering Both Safety and Securi-ty”, Reliability Engineering and System Safety, Vol. 92, No. 6, 2007, pp. 745-754. doi:10.1016/j.ress.2006.03.008

[3]   G. Stoneburner, A. Goguen, A. Feringa, “Risk Management Guide for In-formation Technology Systems”, 2002.

[4]   Homeland Security, “National Infrastructure Protection Plane Risk Management Framework”, (2009).

[5]   M. D. Cavelty, “Critical Information Infrastructure: Vulnerabilities, Threats and Responses” Disarmament Forum ICTs and International Security, No. 3, 2007, pp. 15-22.

[6]   R. Olsson, “In Search of Opportunity Man-agement: Is the Risk Management Process Enough?” In-ternational Journal of Project Management, Vol. 25, No. 8, November 2007, pp. 745-752. doi:10.1016/j.ijproman.2007.03.005

[7]   S. Posthumus, R. Solms, “A Framework for the Governance of Informa-tion Security”, Computer and Security, Vol. 23, No. 8, December 2004, pp. 638-646. doi:10.1016/j.cose.2004.10.006

[8]   Akelainc, “What Risk and Vulnerability Assessment”, 2009.

[9]   Insight Networking, “Risk and Vulnerabilities Assessment”, 2009.

[10]   S. Bajpai, A. Sachdeva, J. Gupta, “Security Risk Assessment: Applying the Concept of Fuzzy Logic”, Journal of Hazardous Materials, Vol. 173, No. 1-3, Jan-uary 2010, pp.258-264. doi:10.1016/j.jhazmat.2009.08.078

[11]   A. Veiga, J. Eloff, “A Framework and Assessment for Information Security Culture”, Computer and Security, Vol. 29, No. 2, March 2010, pp. 196-207. doi:10.1016/j.cose.2009.09.002

[12]   Dunn Myriam, “A Comparative Analysis of Cyber security Initiatives Worldwide”, WSIS Thematic Meeting on Cybersecurity, Geneva, 28 June-1 July 2005.

[13]   SpiceWorks Inc., “SpiceWorks, IT Is Everything”, April 14, 2010.